Helpmij tegen spyware offensief (deel 2)

[Faab]

oke fixed en checked!! Maar ik hou het probleem bij housecall heeft te maken met active X betsurings elemant niet uitvoeren!

Die hijack dat is de geluidskaart!!

Enig idee voor de ACTIVE x

 

[Pieter Arntz]

Met Housecall in de vertrouwde zone zou het moeten werken.

Kijk even onder aangepast niveau hoe je ActiveX instellingen zijn voor de vertrouwde zone.

Groetjes,

Pieter

 

[Faab]

kan je miuj vertellen waar die firewall in XP zit?

 

[dibro]

Re: Re: corrextie

Geplaatst door Pieter Arntz


Hoi dibro,

Geen spyware. Ik heb wat dingetjes gequote die je in msconfig uit kunt vinken om te kijken of dat scheelt.

Groetjes,

Pieter

Ik ga het proberen,
bedankt voor de moeite!

Grt,

dibro

 

[Pieter Arntz]

Geplaatst door Faab
kan je miuj vertellen waar die firewall in XP zit?

Hoe kom je daar nou weer op?

Rechtsklik op de verbinding in Netwerkverbindingen > kies eigenschappen > tabblad Geavanceerd.

Groetjes,

Pieter

 

[Faab]

omdat msn het ook niet meer doet maar de firewall staat uit...!

allemaal erg vaag! Want die active x besturingelement fout blijft komen en kan dus nog steeds neit op die pagina

 

[marietta16]

Hoi,

Ik heb hier een log...kan er iemand effe naar kijken?
Het is van Hijackthis:

Logfile of HijackThis v1.97.7
Scan saved at 17:30:44, on 28-12-2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Altnet\Points Manager\Points Manager.exe
C:\Program Files\WMonitor\WLanCfgAB.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\driver.exe
C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe
C:\WINDOWS\System32\cat.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\Winreg.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Brijns\Local Settings\Temp\Tijdelijke map 1 voor hijackthis[1].zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Startportal/Portal/portal.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [WLanCfgAB.exe] C:\Program Files\WMonitor\WLanCfgAB.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [system] C:\WINDOWS\System32\driver.exe
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot
O4 - HKLM\..\Run: [Diskstart] C:\WINDOWS\System32\cat.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [system] C:\WINDOWS\System32\driver.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.nl
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.browserplugin.com/eroticAccess/cabs/1783001.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.cavello.com/dialxs/plugins/d/4/859/nl.exe
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://a320.g.akamai.net/7/320/1456...players/english/5.0/win/PulsePlayer5AxWin.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

 

[Papajo]

Bedankt Pieter.
Doet wel niks aan die iconen enzo, maar dat probeer ik wel met een andere vraag op te lossen.
Jo

 

[Pieter Arntz]

Geplaatst door marietta16

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Startportal/Portal/portal.html

O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s

O4 - HKLM\..\Run: [system] C:\WINDOWS\System32\driver.exe
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot
O4 - HKLM\..\Run: [Diskstart] C:\WINDOWS\System32\cat.exe

O4 - HKCU\..\Run: [system] C:\WINDOWS\System32\driver.exe

O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.browserplugin.com/eroticAccess/cabs/1783001.cab

O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx

O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.cavello.com/dialxs/plugins/d/4/859/nl.exe

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe

Hoi marietta16,

Vink de bovenstaande aan, sluit alle vensters behalve HijackThis en klik op Fix checked.

Start daarna opnmieuw op, liefst in veilige modus en verwijder:
C:\Program Files\Startportal <= de hele map
C:\Program Files\Altnet\Points Manager <= de hele map
C:\Program Files\COMET SYSTEMS <= de hele map
C:\WINDOWS\System32\cat.exe

En wil je deze svp naar me mailen, tenzij jij weet waar hij voor dient?
C:\WINDOWS\System32\driver.exe
Mijn emailadres vind je in het eerste bericht van dit topic.

Bij voorbaat dank,

Pieter

 

[marietta16]

Hoi,

Dank je wel voor je hulp, ben weer heel wat wijzer geworden. :thumb:

Marietta

 

[Pieter Arntz]

Geplaatst door marietta16
Hoi,

Dank je wel voor je hulp, ben weer heel wat wijzer geworden. :thumb:

Marietta

Ik niet. Heb je dat bestandje waar ik om vroeg nog gevonden?

Groetjes,

Pieter

 

[monaco]

Goedeavond,

Ik heb last van een terugkeerende startpagina op de computer van mijn kinderen.
het gaat om een pagina die van www.24start.com afkomt.
De startpagina heeft als adres;
D:\Program Files\Startportal\Portal\portal.html

Als ik deze'startportaal'verwijder komt hij na een aantal minuten weer terug.

Wil iemand deze log bekijken?

Logfile of HijackThis v1.97.7
Scan saved at 21:08:07, on 28-12-2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\PROGRA~1\RCRAWLER\RCrawler.exe
D:\Program Files\Browser mouse\1.3\mouse32a.exe
D:\Program Files\Medionkeyboard\1.3\KbdAp32A.exe
D:\Program Files\AVPersonal\AVGNT.EXE
D:\WINDOWS\System32\cat.exe
D:\WINDOWS\System32\ctfmon.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\word\Office\OSA.EXE
C:\word\Office\FINDFAST.EXE
D:\Program Files\AVPersonal\AVGUARD.EXE
D:\Program Files\AVPersonal\AVWUPSRV.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Stephan en Michael\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/Program%20Files/Startportal/Portal/portal.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///D:/Program%20Files/Startportal/Portal/portal.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\WINDOWS\Downloaded Program Files\googlenav.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Registry Crawler] D:\PROGRA~1\RCRAWLER\RCrawler.exe -TRAYONLY
O4 - HKLM\..\Run: [FLMK08KB] D:\Program Files\Medionkeyboard\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [FLMMEDIONMOUSE] D:\Program Files\Browser mouse\1.3\mouse32a.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Diskstart] D:\WINDOWS\System32\cat.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Office Opstarten.lnk = C:\word\Office\OSA.EXE
O4 - Global Startup: Microsoft Office Snelzoeken.lnk = C:\word\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://D:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://D:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://D:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://D:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
O9 - Extra button: Toevoegen aan Mobiele favorieten (HKLM)
O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab

 

[Marijnissen50]

Ongewenste startupitems

Wil je ook onnodige startups verwijderen en log beoordelen. Vast bedankt
Logfile of HijackThis v1.97.7
Scan saved at 22:51:52, on 28-12-2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\system32\pctspk.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\mqinx.exe
D:\windows\system32\win32info.exe
D:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE
C:\program files\primesoft\safesearch\safesearch.exe
D:\WINDOWS\wt\updater\wcmdmgr.exe
D:\PROGRA~1\NORTON~1\navapw32.exe
D:\Program Files\Messenger Plus! 2\MsgPlus.exe
D:\Program Files\Screendragon VS3\Screendragon VS3 Taskbar.exe
D:\PROGRA~1\Date Manager\DateManager.exe
D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\WINDOWS\System32\P2P Networking\P2P Networking.exe
D:\Program Files\Common files\updater\wupdater.exe
C:\program files\altnet\points manager\points manager.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
D:\windows\system32\nscntrl.exe
C:\Program Files\Tukati\Redistributor\1\TukatiRedistributor.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
D:\Program Files\Outlook Express\msimn.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Frans Marijnissen\Local Settings\Temp\Tijdelijke map 1 voor hijackthis[1].zip\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.arnhem.chello.nl:3128
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///D:/Program%20Files/Startportal/Portal/portal.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=105
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
F1 - win.ini: run=d:\windows\system32\mqinx.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - D:\WINDOWS\System32\SafeSearch.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} -   ¦ (file missing)
O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} -   ¦ (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -   ¦ (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: PrimeSoft - {00000000-0000-0000-0000-000000000001} - D:\WINDOWS\System32\SafeSearch.dll
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - D:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [win32info] d:\windows\system32\win32info.exe /noconnect
O4 - HKLM\..\Run: [WebScan] D:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k
O4 - HKLM\..\Run: [wcmdmgr] D:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [SafeSearch] c:\program files\primesoft\safesearch\safesearch.exe /install
O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MessengerPlus2] "D:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Lorraine] D:\WINDOWS\System32\Lorraine.exe
O4 - HKLM\..\Run: [FSW] D:\Program Files\FSW\FSW.EXE
O4 - HKLM\..\Run: [ExitKiller] D:\Program Files\Exit Killer\Ekiller.exe
O4 - HKLM\..\Run: [cursor] "D:\Program Files\Screendragon VS3\Screendragon VS3 Taskbar.exe"
O4 - HKLM\..\Run: [Hot_Netherlands] c:\program files\dialers\hot_netherlands\hot_netherlands.exe /noconnect
O4 - HKLM\..\Run: [Date Manager] "D:\PROGRA~1\Date Manager\DateManager.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [P2P Networking] D:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] D:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [updater] D:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [nscntrl] d:\windows\system32\nscntrl.exe /noconnect
O4 - HKLM\..\Run: [Mqinx] d:\windows\system32\mqinx.exe
O4 - HKLM\..\Run: [Diskstart] D:\WINDOWS\System32\cat.exe
O4 - HKCU\..\Run: [Tukati:1] C:\Program Files\Tukati\Redistributor\1\TukatiRedistributor.exe -r:1 -x:1
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Mqinx] d:\windows\system32\mqinx.exe
O4 - Startup: EzVoice 1.1.1.lnk = ?
O4 - Startup: Watch.lnk = D:\WINDOWS\twain_32\A4S2_32\WATCH.exe
O4 - Global Startup: Microsoft Works Agenda-herinneringen.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: GStartup.lnk = D:\Program Files\Common Files\GMT\GMT.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://quickfix.chello.nl/sdccommon/download/tgctlsi.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://quickfix.chello.nl/sdccommon/download/tgctlins.cab
O16 - DPF: {01112800-3E00-11D2-8470-0060089874ED} (Support.com Probe Class) - http://quickfix.chello.nl/sdccommon/download/tgctlpr.cab
O16 - DPF: {1059D2E2-EA3E-11D5-AF3C-0060085C9531} (CAX Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (chelloInstall.Install) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_XP.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security2.norton.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/sikes/nl/win/QuickTimeInstaller.exe
O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.pornobioscoop.nl/plugin/pornobioscoopnl009.exe
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://www.x0.nl/install2/dialxs.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.cavello.com/dialxs/plugins/d/127/274/nl.exe
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://www.wildtangent.com/install/wdriver/sportsgames/nikefootball/nike/wtinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/SSC/SharedContent/sc/bin/cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (LaunchApp.clsDefault) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
O16 - DPF: {C79976AD-5141-4346-8F48-70D65B80281F} (IPGNetworkInfo.ExtendedSI) - http://quickfix.chello.nl/esupport/asp/IPGNetworkInfo.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DABA57A8-B747-46F2-9E3F-CDCD4C6C6A33} (MetaInstaller Class) - http://webmixer.i-project.nl/packages/metainstaller.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://3dgamers.tukati.com/tukati/1.6.9.9/tukati.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab

 

[Pieter Arntz]

Geplaatst door monaco
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/Program%20Files/Startportal/Portal/portal.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///D:/Program%20Files/Startportal/Portal/portal.html

O4 - HKLM\..\Run: [Diskstart] D:\WINDOWS\System32\cat.exe

Hoi monaco,

Vink de bovenstaande aan, sluit alle vensters behalve HijackThis en klik op Fix checked.

Start daarna opnmieuw op, liefst in veilige modus en verwijder:
C:\Program Files\Startportal <= de hele map
C:\WINDOWS\System32\cat.exe

Groetjes,

Pieter

 

[Pieter Arntz]

Re: Ongewenste startupitems

Geplaatst door Marijnissen50


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///D:/Program%20Files/Startportal/Portal/portal.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=105
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
F1 - win.ini: run=d:\windows\system32\mqinx.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - D:\WINDOWS\System32\SafeSearch.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} -   ¦ (file missing)
O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} -   ¦ (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -   ¦ (file missing)

O3 - Toolbar: PrimeSoft - {00000000-0000-0000-0000-000000000001} - D:\WINDOWS\System32\SafeSearch.dll
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - D:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [win32info] d:\windows\system32\win32info.exe /noconnect
O4 - HKLM\..\Run: [WebScan] D:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k
O4 - HKLM\..\Run: [wcmdmgr] D:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [SafeSearch] c:\program files\primesoft\safesearch\safesearch.exe /install
O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [Lorraine] D:\WINDOWS\System32\Lorraine.exe
O4 - HKLM\..\Run: [FSW] D:\Program Files\FSW\FSW.EXE

O4 - HKLM\..\Run: [Hot_Netherlands] c:\program files\dialers\hot_netherlands\hot_netherlands.exe /noconnect
O4 - HKLM\..\Run: [Date Manager] "D:\PROGRA~1\Date Manager\DateManager.exe"

O4 - HKLM\..\Run: [P2P Networking] D:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] D:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [updater] D:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [nscntrl] d:\windows\system32\nscntrl.exe /noconnect
O4 - HKLM\..\Run: [Mqinx] d:\windows\system32\mqinx.exe
O4 - HKLM\..\Run: [Diskstart] D:\WINDOWS\System32\cat.exe

O4 - HKCU\..\Run: [Mqinx] d:\windows\system32\mqinx.exe

O4 - Global Startup: GStartup.lnk = D:\Program Files\Common Files\GMT\GMT.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_XP.cab

O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.pornobioscoop.nl/plugin/pornobioscoopnl009.exe

O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://www.x0.nl/install2/dialxs.ocx

O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.cavello.com/dialxs/plugins/d/127/274/nl.exe
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://www.wildtangent.com/install/wdriver/sportsgames/nikefootball/nike/wtinst.cab

Hoi Frans,

Spaar je dialers ? :8-0:

Vink de bovenstaande aan, sluit alle vensters behalve HijackThis en klik op Fix checked.

Start daarna opnmieuw op, liefst in veilige modus en verwijder:
C:\Program Files\Startportal <= de hele map
C:\WINDOWS\System32\cat.exe
d:\windows\system32\mqinx.exe
D:\Program Files\MyWay <= de hele map
D:\WINDOWS\System32\Lorraine.exe
d:\windows\system32\win32info.exe
c:\program files\primesoft\safesearch <= de hele map
D:\Program Files\FSW <= de hele map
c:\program files\dialers <= de hele map
D:\Program Files\Common files\updater\wupdater.exe
D:\Program Files\Date Manager <= de hele map
c:\program files\altnet\points manager <= de hele map
d:\windows\system32\nscntrl.exe
D:\Program Files\Common Files\GMT <= de hele map

Suc6,

Pieter

 

[P@sbeer]

Re: Re: Ongewenste startupitems

Geplaatst door Pieter Arntz


Hoi Frans,

Spaar je dialers ? :8-0:

Pieter

vermoedlijk geen spwyware blaster, adaware en spybot aanboord?

 

[H@ns]

Geplaatst door Pieter Arntz


Hoi H@NsiePanzzzer,

Vink de bovenstaande aan, sluit alle vensters behalve HijackThis en klik op Fix checked.

Start daarna opnieuw op in veilige modus en verwijder:
C:\Program Files\Altnet\Points Manager <= de hele map

Download dan updEnabler.exe on http://www.handybits.com/update_service.asp
Daarmee kun je de update service van Teknum uitzetten.

Groetjes,

Pieter

Many Thanks!!! :thumb:

 

[DJ Tazzie]

Helpme

Gescand met Ad Aware

maar er blijft een irritante extra blauwe searchbalk

Logfile of HijackThis v1.97.3
Scan saved at 1:39:00, on 29-12-2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~4\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~4\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SpyFerret by OnlinePCfix\SFerret.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\download\hijackthis_temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.171.103.188:9090/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F0 - system.ini: Shell=
O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINDOWS\System32\n3tpa1.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {38e6808a-bb1f-4412-b1ab-0f4f51e204f7} - C:\DOCUME~1\TAZMAN~1\APPLIC~1\glgqujlythcr.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.2\NHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: eyyoafstths - {0a38e94c-153e-4cb6-a5ab-eb254b45f914} - C:\DOCUME~1\TAZMAN~1\APPLIC~1\glgqujlythcr.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Entry (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {06EE5631-8B69-4BF6-A531-91BDDF785734} (chelloInstall.Install) - http://quickfix.chello.nl/esupport/asp/chelloInstall.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (chelloInstall.Install) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37848.1252546296
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (LaunchApp.clsDefault) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB

Bijvoorbaat dank mannen

 

[Pieter Arntz]

Re: Helpme

Geplaatst door DJ Tazzie


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html

F0 - system.ini: Shell=
O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINDOWS\System32\n3tpa1.dll

O2 - BHO: (no name) - {38e6808a-bb1f-4412-b1ab-0f4f51e204f7} - C:\DOCUME~1\TAZMAN~1\APPLIC~1\glgqujlythcr.dll

O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.2\NHelper.dll

O3 - Toolbar: eyyoafstths - {0a38e94c-153e-4cb6-a5ab-eb254b45f914} - C:\DOCUME~1\TAZMAN~1\APPLIC~1\glgqujlythcr.dll

O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB

Bijvoorbaat dank mannen

Hoi DJ Tazzie,

Vink de bovenstaande aan, sluit alle vensters behalve HijackThis en klik op Fix checked.

Start daarna opnmieuw op, liefst in veilige modus en verwijder:
C:\Program Files\NavExcel <= de hele map (heeft niks met Norton te maken, is gewoon spyware)

Groetjes,

Pieter

 

[Pieter Arntz]

Re: Re: Re: Ongewenste startupitems

Geplaatst door P@sbeer


vermoedlijk geen spwyware blaster, adaware en spybot aanboord?

SpywareBlaster zou zeker een hoop gescheeld hebben.
http://home01.wxs.nl/~kleyn080/Spywareinfonl.html punt 4)

Groetjes,

Pieter